On Sun 20/Mar/2022 20:47:57 +0100 John R Levine wrote:
On Sun, 20 Mar 2022, Alessandro Vesely wrote:
Maybe performance doesn't matter. However, what do we expect to find out by
a tree walk? We'd come to the same conclusion as using the ICANN only list
unless their record contains psd=y. Correct?
No, that is completely wrong.
I guess you didn't read what I wrote. Let me restate.
Currently, we have this situation:
ale@pcale:~/tmp/zdkimfilter/svn/src$ dig _dmarc.virtualcloud.com.br txt
; <<>> DiG 9.16.22-Debian <<>> _dmarc.virtualcloud.com.br txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52124
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 16cef50e4a9c56f301000000623854b73b6e24c1798b712e (good)
;; QUESTION SECTION:
;_dmarc.virtualcloud.com.br. IN TXT
;; ANSWER SECTION:
_dmarc.virtualcloud.com.br. 3600 IN TXT "v=DMARC1; p=none;
rua=mailto:[email protected]; ruf=mailto:[email protected]; rf=afrf; sp=none;
fo=0:1:d:s; pct=100; ri=86400; aspf=s"
Hence, a tree walk starting at a.users.scale.virtualcloud.com.br will end up there.
Since com.br and br have no DMARC record, virtualcloud.com.br is going to be the actual
org domain for any subdomain thereof. That's what I meant by "come to the same
conclusion as using the ICANN only list".
Since you strove to find an example where string comparison doesn't determine
alignment, I assume that the tree walk should be specified so as to mirror the
results of the full PSL.
Please review the previous thousand messages about why we are
switching to a tree walk.
I'm not so much interested in the why as in the how, therefore I think that
reading just Scott's message of last Wednesday[*] suffices. His rewriting of
Section 4.6 considers two cases:
1. If a DMARC record contains the psd= tag set to 'n' (psd=n), this
is the Organizational Domain and the selection process is
complete.
2. From the DMARC records that do not contain the psd= tag set to
'y' (psd=y), select the record for the domain with the smallest
number of labels. This is the Organizational Domain and the
selection process is complete.
Given that, it seems that, if virtualcloud.com.br sets psd=y, it cannot become
the org domain for d=scale.virtualcloud.com.br. OTOH, if it does not set
psd=y, users.scale.virtualcloud.com.br will not result the org domain of
a.users.scale.virtualcloud.com.br, as happens using the full PSL.
Best
Ale
--
[*] https://mailarchive.ietf.org/arch/msg/dmarc/H_PfAuJP95OQ7WSA-rIxtl3XOx4/
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
